Privacy Policy

Last Updated: June 2, 2025

1. Introduction

Your privacy is important to us. This Privacy Policy explains how OpenScope Health, Inc. (“OpenScope” or “we”) collects, uses, shares, and protects your information when you use the MomDoc application and related services (the “Service”). This Policy applies to all users of MomDoc and any visitors to our website. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Not a HIPAA-Covered Entity

MomDoc is an educational tool and OpenScope is not a healthcare provider or “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA). This means the information you provide is not protected health information (PHI) under HIPAA, and this Policy is not a “HIPAA Notice of Privacy Practices.” However, we are committed to protecting your privacy and handling your data with care and security, in line with applicable laws and industry standards. We do not collect traditional medical records or personal health identifiers; in fact, we purposely avoid collecting identifying information in images or health data you upload.

Compliance with Privacy Laws

OpenScope strives to comply with all applicable U.S. privacy laws and regulations. We provide clear information about our data practices in accordance with laws like the California Consumer Privacy Act (CCPA) and similar statutes. We do not sell your personal information. Sections of this Policy also describe rights you may have under certain laws and how you can exercise them.

2. Information We Collect

We collect information that you provide to us directly, information that is collected automatically through your use of the Service, and information from third-party sources (such as payment processors for subscription transactions). The types of information we collect include:

Account Information

When you create a MomDoc account, we collect your email address and a password. We may also collect your name or username if you choose to provide it (for example, if the app offers a profile or display name feature). This information is used to create and secure your account and to communicate with you (e.g., for account verification, password reset, or customer support).

Contact and Shipping Information

If you subscribe to an annual Pro plan that includes a promotional otoscope gift, we will collect the shipping details you provide (such as your name and mailing address) to fulfill that gift. This information is used solely for delivering the product to you.

Uploaded Images and Content

When you upload an image of a pediatric condition to MomDoc, the image itself is sent to our servers and analyzed by our algorithms. We do not require or ask you to provide any personal data along with the image (for example, we don’t ask for the child’s name or medical history with the image). In fact, we encourage you not to include any identifying information in the images. The images you upload are stored in our system without any metadata that ties them to your identity or account. We assign an anonymous identifier to images for processing and model training purposes (see How We Use Information below). Keep in mind that if an image itself contains identifying features (e.g., a unique birthmark or a face), that could inadvertently reveal personal data; you should avoid uploading such images.

Usage Data

We automatically collect certain information about how you use MomDoc. This may include log data such as the dates and times you use the app, the pages or screens you view, the features you use, and your IP address or device identifier. We may also collect device information such as your device type, operating system, app version, and settings. This usage data helps us operate the Service, secure it, and understand how users interact with it so we can improve MomDoc’s performance and features.

Cookies and Similar Technologies

If you use our website or if the app uses web-based components, we may use cookies or similar tracking technologies to remember your preferences and gather analytics information. For example, we might use cookies to keep you logged in on our web portal or to analyze traffic on our site. You can configure your browser to refuse cookies, but some features of the Service may not function properly without them.

Payment Information

If you decide to purchase a Pro subscription, you will provide payment information (such as credit card details or other payment credentials) to our third-party payment processor. We do not store your full credit card number or financial account information on our servers. We receive a confirmation of payment and possibly limited billing details (such as the last four digits of your card, card type, and billing address) from the payment processor for record-keeping and receipt generation. All sensitive payment information is handled by our payment processing partners in accordance with their security protocols.

Communications

If you contact us directly (for example, by email or through a support feature), we will receive your name, email address, and any other information you choose to include in your message. We will also receive the contents of your message or attachments and any other information you provide. We use this information to respond to you and improve our customer service. We may keep records of communications and our responses.

We do not knowingly collect sensitive personal information such as social security numbers, government IDs, or biometric data, and we ask that you do not provide this information to us through the Service. The focus of MomDoc is on images of health conditions and general usage data, kept as anonymous as possible.

3. How We Use Your Information

OpenScope uses the collected information for the following purposes:

To Provide and Maintain the Service

We use your information to operate MomDoc’s core functionality. For example, we use your uploaded images to generate condition predictions and educational information. Your account information (email/password) enables you to log in and ensures that we can manage your usage (such as enforcing the free tier’s scan limit or providing Pro benefits).

To Improve and Train Our AI Models

One of the primary uses of the images you upload is to train and improve our machine learning models. By analyzing a large number of images, the AI that powers MomDoc can become more accurate and helpful. We use uploaded images in an anonymized and aggregated manner for ongoing algorithm training, testing, and refinement. For instance, we may use a service like Roboflow to help label or augment image data; in doing so, images are processed without personal identifiers attached. This process improves the Service for all users.

To Communicate with You

We use contact information (like your email) to send you service-related communications. These may include confirmations of account actions (e.g., email verification, password reset), subscription receipts, reminders about subscription renewal, security alerts (such as notifying you of important changes or detected issues), or customer support responses. If you opt in to receive marketing communications or newsletters (if offered), we might send you updates about new features or promotions, but you will have the option to unsubscribe from such communications.

To Process Payments and Fulfill Subscriptions

When you subscribe to Pro, we use your information to manage billing through our third-party payment processor (charging your card, confirming payment, etc.). If you are eligible for the otoscope gift, we use your provided shipping information to send out that product.

To Enforce Our Terms and Policies

We may use data (such as usage logs and account information) to monitor for potentially unauthorized or illegal activities on the Service. For example, we might detect misuse (like attempts to circumvent limits or upload prohibited content) and take action to enforce our Terms of Service. This helps us keep MomDoc secure and ensure users follow our guidelines.

To Provide Customer Support

Information you provide in communications (such as support emails) is used to address your questions, issues, or feedback. We also use it to improve the Service or resolve technical problems you report.

To Analyze and Improve the Service

We use usage data and analytics to understand how users interact with MomDoc. This information guides us in making improvements — for example, adding new features, enhancing user experience, or fixing bugs. We might analyze which features are most popular or identify where users encounter errors.

For Legal Compliance

We may process and retain information as required to comply with applicable laws, regulations, legal processes, or governmental requests. For example, keeping certain payment records for tax or accounting obligations, or using data to respond to data privacy requests you make.

For Safety and Fraud Prevention

We may use information to protect against, investigate, and deter fraudulent, unauthorized, or illegal activities. For instance, we might use IP addresses or other identifiers to prevent a malicious actor from spamming the Service, or to detect and block attempts to compromise our systems.

We will not use your personal information for purposes that are materially different from those disclosed in this Policy without your consent. If we plan to use your data for a new purpose, we will update this Privacy Policy and notify you as required.

4. How We Share Your Information

We understand the importance of keeping your information private. We do not sell your personal information to third parties. We only share your information in the following circumstances:

With Service Providers

We share information with third-party vendors and service providers who perform functions on our behalf to make MomDoc work. These include:

  • Machine Learning and Cloud Providers: We may use third-party platforms (such as Roboflow or cloud computing services) to store data and train our models on the images you upload. These providers are contractually obligated to keep data secure and use it only to provide services to us. The images may be processed through these platforms without any information that personally identifies you.
  • Payment Processors: We use third-party payment processors to handle subscription payments (e.g., processing credit card transactions). These processors will have access to your payment information for the purpose of processing transactions, but they are not permitted to use your data for other purposes. They are regulated entities that must comply with stringent security standards.
  • Analytics and Performance Tools: We may use analytics services (like Google Analytics or similar) to understand usage patterns on our app or website. These services might use cookies or device identifiers to generate aggregate information about usage. This information generally does not include personally identifying details, but it may include IP addresses or device info.
  • Email and Communication Services: If we send emails or notifications, we might use an email service provider to distribute those communications. In doing so, your email address (and any name you provided) would be shared with that provider strictly for sending our messages to you.

All service providers acting on our behalf are bound by appropriate confidentiality and data protection agreements. They are given only the information necessary to perform their specific function and are not allowed to use it for other purposes.

For Shipping Otoscope Gifts

If you qualify for the otoscope promotion, we will share your name and mailing address with the shipping or postal service (for example, USPS, FedEx, UPS) in order to deliver the package to you. We do not share this information with any party other than what is necessary to ensure you receive your gift.

As Required by Law or for Legitimate Business Purposes

We may disclose your information if we in good faith believe such action is necessary to:

  • Comply with a legal obligation or respond to lawful requests by public authorities (e.g., court orders, subpoenas, or regulatory requirements).
  • Protect and defend the rights, property, or safety of OpenScope, our users, or others. This includes investigating and helping prevent fraud, security issues, or technical problems.
  • Enforce our Terms of Service, Privacy Policy, or other agreements, or respond to claims that any content violates the rights of third parties.

Business Transfers

If OpenScope is involved in a merger, acquisition, sale of assets, or financing, or in the unlikely event of bankruptcy or receivership, your information may be transferred to a successor or affiliate as part of that transaction. Any new entity will have the right to continue to use your information, but only in accordance with this Privacy Policy (unless you consent to other uses).

With Your Consent

If we ever need to share your information for any other purpose not covered above, we will do so only with your explicit consent. For example, if we wanted to use a particular image for a marketing testimonial or research publication, we would contact you for permission (and you would have no obligation to grant it).

Aggregated or De-Identified Data

We may also share information that has been aggregated or de-identified, so it can no longer be linked to any individual user. For instance, we might publish insights like “X% of MomDoc users uploaded images related to skin rashes” or share de-identified images as part of academic research or case studies. Such information does not identify you personally and may be used freely.

Importantly, we do not share children’s personal information (since we do not collect personal info from children in the first place), and we do not share any user information with third parties for their own advertising or marketing purposes.

5. Data Security

OpenScope takes reasonable measures to protect your information from unauthorized access, loss, misuse, or alteration. We implement a combination of technical, administrative, and physical safeguards to secure the data we hold. These measures include:

  • Encryption: We use encryption to protect data in transit and at rest where appropriate. For example, our app and website employ HTTPS (TLS encryption) for data transmission, which helps protect data when it’s sent between your device and our servers.
  • Access Controls: We limit access to personal data to authorized employees, contractors, and service providers who need to know that information in order to process it for us. These persons are subject to strict confidentiality obligations and are trained in data protection.
  • Authentication: User accounts are protected by passwords. We encourage you to choose a strong password and keep it confidential. If available, enabling two-factor authentication (2FA) adds an extra layer of security to your account. Our systems also employ measures to detect and block suspicious login attempts.
  • Secure Storage: Personal data (like account details) is stored on secure servers. We use reputable cloud service providers that maintain high standards of security and compliance. Our databases are protected by firewalls and monitored for potential intrusions.
  • Training and Policies: OpenScope personnel are trained on data privacy and security practices. We maintain internal policies to handle user data properly and to respond swiftly to potential security incidents.
  • Testing and Updates: We regularly update our software and systems to address security vulnerabilities. We conduct periodic security assessments and may employ third-party experts to test our systems and ensure they meet security best practices.

Despite our efforts, no security measure is perfect or impenetrable. We cannot guarantee that data transmission or storage is 100% secure. You can help protect your information by using the Service responsibly – for example, keep your login credentials private and notify us if you suspect any unauthorized account access.

In the unfortunate event of a data breach that affects the security of your personal information, we will notify you and any applicable authorities as required by law. We will also take steps to mitigate the breach and prevent future occurrences.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

  • Account Information: We keep your account data (like email and profile info) for as long as your account is active. If you delete your account or if it’s terminated, we will delete or anonymize this information within a reasonable period, except to the extent we need to retain it for legal obligations or legitimate business purposes (for example, retaining proof of transactions for accounting, or records of consent for legal compliance).
  • Uploaded Images: Images that you upload to MomDoc are stored for analysis and model improvement. These images are retained indefinitely in our secure storage, but they are retained in an anonymized form (without personal identifiers). Because images are decoupled from user accounts and used in aggregate for training, we do not have a practical way to retrieve or delete individual images on request once they have been incorporated into our training datasets. We use them as part of the collective knowledge of the system. However, if you accidentally uploaded a highly sensitive image and contact us promptly, we will see if it’s feasible to locate and delete it before it becomes integrated into the training process.
  • Usage Data: Log files and analytics data are generally retained for as long as necessary for analysis and security purposes. This may range from a few months to a couple of years, depending on the type of data. We may aggregate or anonymize usage data over time (so it no longer identifies individuals) and retain those aggregated statistics indefinitely to help us understand long-term trends.
  • Communications: If you correspond with us, we may retain those communications and our responses for a period of time appropriate to manage and reference past interactions (for example, if a support issue reoccurs or to train our support team) or as required by law.
  • Backup and Archives: Residual copies of your information might remain in our backup or archival systems for a certain period. For example, we periodically create encrypted backups of our databases as a safety measure. These backups are cycled and eventually overwritten, but it’s possible that data you have deleted from the live system may persist in backups for several additional weeks or months. We also maintain logs and records for security, debugging, and legal compliance which may include some data about you; these logs are maintained separately from active user databases.

When we no longer have a legitimate business need or legal requirement to retain your information, we will securely delete or de-identify it.

7. Your Rights and Choices

Access and Correction

You have the right to access and correct the personal information you have provided to us. Many details (like your email or profile information) can be reviewed and updated by logging into your account and editing your profile or settings. If you need assistance accessing, correcting, or updating any personal data we have about you, please contact us using the information in the Contact Us section below.

Deletion of Your Data

You may request that we delete personal information we have collected from you. You can do this by deleting your account through the Service (if that functionality is available) or by contacting us. Upon receiving a verified deletion request, we will delete or anonymize your personal information from our active systems, unless retention is required for our legitimate business purposes or to comply with legal obligations. Note that, as mentioned in Data Retention, images uploaded for analysis are not linked to personal identifiers and become part of an anonymized dataset; thus, individual images may not be retrievable for deletion once processed. However, deletion of your account will disassociate your identity from any remaining data.

California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have specific rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act), including the following:

  • Right to Know: You can request information about the categories of personal information we have collected about you, the categories of sources of that information, the business or commercial purpose for collecting it, the categories of third parties with whom we share personal information, and the specific pieces of personal information we have collected about you.
  • Right to Delete: You can request that we delete personal information we have collected from you (subject to certain exceptions permitted by law, such as if the information is necessary to complete a transaction you requested or to comply with a legal obligation).
  • Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising. Note: OpenScope does not sell personal information to third parties, nor do we share it for targeted advertising purposes, so this right is more about our confirmation that we don’t engage in those practices.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. This means we won’t deny you the Service, charge you a different price, or provide a different level of quality just because you exercised your rights under CCPA.

Submitting Requests:

You (or your authorized agent) can submit requests to know or delete by contacting us at the email or mailing address in the Contact Us section of this Policy. We may need to verify your identity before fulfilling a request (for example, by confirming control of your email account or asking for details about your recent use of the Service). We will respond to verifiable requests within the timeframe required by law (generally within 45 days, with the possibility of a 45-day extension if necessary).

Disclosure of Requests:

In the past 12 months, OpenScope has not sold any personal information and has not disclosed personal information to third parties for purposes that would trigger the “Right to Opt-Out.” If this ever changes, we will update our practices and this Privacy Policy accordingly.

Opt-Out of Marketing Communications

If we send you promotional or marketing emails (for example, newsletters or product updates), you have the right to opt out of receiving those communications. You can unsubscribe by clicking the “unsubscribe” link in any marketing email, or by contacting us to have your email removed from our marketing list. Please note that even if you opt out of marketing messages, we may still send you important service-related communications (such as account notifications or security alerts).

Do Not Track Signals

Some web browsers have “Do Not Track” (DNT) features that signal a preference for privacy and a desire not to have online activity tracked across sites. There is currently no universal standard for how to interpret DNT signals. Therefore, like many websites and online services, we do not respond to “Do Not Track” signals on our website or app. If a consensus emerges on how to treat DNT signals, we will revisit this policy and update you on our practices.

Other State Privacy Rights

If you are a resident of certain other states (such as Virginia, Colorado, Connecticut, or Utah, which have enacted their own consumer privacy laws), you may have similar rights to access, correct, or delete your data, as well as to opt out of certain types of data processing. OpenScope is committed to respecting your privacy rights and will honor valid requests in accordance with applicable state laws. Please contact us to exercise any specific state rights, and we will explain the process and comply as required.

8. Children’s Privacy

No Users Under 13

MomDoc is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13. Our Service and content are directed at adults (such as parents or guardians) who are concerned about pediatric health, not at children themselves. If you are under 13, you are not permitted to use MomDoc or provide any personal information to us.

Parental Supervision for Minors

If you are between 13 and 17 years old, you should only use the Service with the involvement and consent of a parent or legal guardian. The account should be registered by the parent/guardian, who can supervise the minor’s use of the Service. Even though we do not collect a child’s personal data, any information provided by a minor (such as through a support inquiry) will be treated as though it was provided with parental consent and is subject to this Privacy Policy.

Images of Children

Parents or guardians may upload images of their children’s conditions to MomDoc for analysis. These images should be de-identified as discussed above (no faces or personal details visible). We treat all uploaded images with care to ensure they are not publicly accessible and are used only internally for analysis and model improvement as described. By uploading an image of a child, you represent that you are the parent or guardian of that child or otherwise have appropriate authority to share the child’s image for these purposes.

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly. If you believe that a child under 13 may have provided us with personal information (for example, by misrepresenting their age to create an account), please contact us so that we can investigate and delete any such data.

9. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time. If we make material changes to how we handle your personal information, we will provide you with notice in an appropriate manner (for example, by posting a prominent notice within the app or on our website, or by emailing you if you have provided your email address) prior to the change becoming effective. The “Last Updated” date at the bottom of this Policy will indicate when the latest changes were made.

Your continued use of MomDoc after any changes to this Privacy Policy signifies your acceptance of the updated terms. We encourage you to review this Policy periodically to stay informed about our data practices and your privacy rights. If you do not agree with any changes to the Policy, you should stop using the Service and may delete your account. For significant changes, we will obtain your consent if required by applicable law.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

OpenScope Health, Inc.
Attn: Privacy Officer
Email: info@openscopehealth.com
Mailing Address: OpenScope Health, Inc., 1900 Gough St #701, San Francisco, CA 94109, USA

Last Updated: June 2, 2025